1. Field of the Invention
The present invention relates generally to the field of logic circuits, in particular to integrated electronic circuits such as application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs) or systems-on-chip and, more specifically, to a method for protecting an integrated circuit against unauthorized access to key registers, where functions and/or applications of the integrated circuit are enabled and/or activated via the data stored in the key registers, e.g., at startup of the integrated circuit and/or during ongoing operation.
2. Description of the Related Art
Particularly in computer technology, electronic or logic circuits nowadays form the basis of practically all electronics. These circuits are often implemented as integrated circuits, i.e., the interconnected components of the circuit are accommodated on a single substrate, usually a semiconductor substrate. An integrated circuit mostly has a large number of diverse components and subassemblies connected via conductor tracks on or in a single-crystal substrate, the chip. Integration enables circuits having extensive applications and functions to be provided and technically implemented in a small space.
One type of integrated circuit is the application-specific integrated circuit (ASIC), which is created for a specific application. With ASICs, the functions and applications of the integrated circuit are explicitly defined as early as the design, development and production stage; they are fixed and are not designed to be changed following manufacture. However, there are now also a large number of ASICs that incorporate microprocessors, signal processors, etc. and therefore offer a degree of flexibility for the functions and applications running on them.
In contrast to ASICs, field-programmable gate arrays (FPGAs) are programmable integrated circuits whose functional structures and interconnections are defined by configuration data. This means that the circuit structures of an FPGA can be defined and/or changed after manufacture via data loaded into the FPGA (e.g., structure rules or wiring diagrams). Using an FPGA chip, different circuits can therefore be implemented by programming, and the circuit or the implemented functions can then be modified, improved or extended by a user. FPGAs can therefore be used to implement devices ranging from simple counters (e.g., synchronous counters) to highly complex circuits (e.g., microprocessors).
Further miniaturization and increasing levels of integration now allow complete systems comprising, e.g., a plurality of processors, controllers, memory units, power management and other components to be accommodated on one chip. These systems are known as systems-on-chip (SoC) and are used in areas in which small dimensions together with relatively high performance and a multiplicity of functions are required, such as mobile communications, smartphones or embedded computers. A system-on-chip incorporates all or at least a large part of the system functions in the form of hardware components (e.g., processors, memory units or peripheral units) and software components (e.g., applications or programs) in an integrated circuit on a single chip. The hardware components of the system-on-chip are connected via a mainly hierarchical or at least segmented bus system.
In the case of integrated circuits such as ASICs or FPGAs, particular functions and applications are protected by key data (“magic keys”) against unauthorized accesses such as hacker attacks or address space scans. A function protected in this way is, for example, the enabling or activation of an interface or of a specific application reserved exclusively for higher-grade products or software components. When the integrated circuit, or the unit to which the integrated circuit belongs, is powered on, these functions are initially disabled and are only enabled and activated as required by, e.g., a software component or another application of the integrated circuit at startup or during ongoing operation. In addition, security and safety functions of the integrated circuit are often protected against unauthorized accesses by key data, or are activated by key data, e.g., during startup of the integrated circuit after power-on.
For this purpose, the key data or “magic keys” are mainly values hard-coded in the hardware of the integrated circuit, such as a 32-bit data word. These values are written, by means of write accesses, into special so-called key registers or enable registers in order to enable and/or activate the corresponding functions or applications. In computer technology, the term register refers to a storage location within the integrated circuit that directly holds operands and results of calculations or program runs. Only when the correct item of key data has been written to the corresponding key or enable register is the associated function, interface, security function, etc. enabled or activated. Knowledge of the addresses of the key registers and of the key data can therefore make integrated circuits such as ASICs, FPGAs or SoCs vulnerable to tampering. In systematic hacker attacks, an attempt may therefore be made to obtain such information, e.g., via an address space scan or by selectively and systematically trying out all possible data values for the key data.
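The key-register mechanism described in the two paragraphs above, as an added illustrative model that is not part of the patent text or of any particular product: a small register window in C with one write-only key register that compares each write against a hard-coded 32-bit key and latches an enable for a protected feature. The register count, the addresses, the key value and the probe pattern are assumptions chosen for this example. The model also shows the two attacks the text names: an address space scan that picks out the key register because it does not behave like ordinary storage, and systematic trying-out of key values that uses the enabled feature as the success oracle.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a 16-register window of an integrated circuit with
 * one "magic key" enable register. Addresses, key value and probe pattern
 * are assumptions for illustration only. */
#define NUM_REGS      16u
#define KEY_REG_ADDR  0x0Cu          /* hypothetical key/enable register   */
#define MAGIC_KEY     0xA5C3F00Du    /* hypothetical hard-coded 32-bit key */
#define SCAN_PROBE    0x5A5A5A5Au    /* pattern the attacker writes        */

typedef struct {
    uint32_t regs[NUM_REGS];   /* ordinary read/write registers            */
    bool     feature_enabled;  /* e.g. a reserved interface, off at power-on */
} chip_t;

void chip_reset(chip_t *c)
{
    memset(c, 0, sizeof *c);   /* power-on state: nothing enabled */
}

/* Bus write. The key register does not store the value; it only compares
 * it against the hard-coded key and latches the enable on a match. */
bool chip_write(chip_t *c, uint32_t addr, uint32_t value)
{
    if (addr >= NUM_REGS)
        return false;                     /* unmapped address: bus error */
    if (addr == KEY_REG_ADDR) {
        if (value == MAGIC_KEY)
            c->feature_enabled = true;
        return true;
    }
    c->regs[addr] = value;
    return true;
}

/* Bus read. The key register is write-only and reads back as zero. */
bool chip_read(const chip_t *c, uint32_t addr, uint32_t *out)
{
    if (addr >= NUM_REGS)
        return false;
    *out = (addr == KEY_REG_ADDR) ? 0u : c->regs[addr];
    return true;
}

/* Address space scan as malware on the device could run it: write a probe
 * to every mapped address and read it back. A register that does not
 * return the probe behaves differently from plain storage and is a
 * candidate key register. Returns the candidate count; the first candidate
 * address is stored in *first_candidate. */
int scan_for_key_register(chip_t *c, uint32_t *first_candidate)
{
    int found = 0;
    for (uint32_t addr = 0; addr < NUM_REGS; addr++) {
        uint32_t back;
        if (!chip_write(c, addr, SCAN_PROBE) || !chip_read(c, addr, &back))
            continue;
        if (back != SCAN_PROBE) {
            if (found == 0)
                *first_candidate = addr;
            found++;
        }
    }
    return found;
}

/* Systematic trying-out of key values in [lo, hi) against one register,
 * with the enabled feature as the oracle. Returns the number of writes
 * issued; *key receives the value that enabled the feature. A full 32-bit
 * space is 2^32 writes, so an attacker narrows the window (e.g. to constants
 * found in a firmware image); here the window is chosen by the caller. */
uint64_t brute_force_key(chip_t *c, uint32_t addr, uint32_t lo, uint32_t hi,
                         uint32_t *key)
{
    uint64_t tries = 0;
    for (uint32_t v = lo; v < hi; v++) {
        tries++;
        chip_write(c, addr, v);
        if (c->feature_enabled) {
            *key = v;
            return tries;
        }
    }
    return tries;
}

int main(void)
{
    chip_t chip;
    uint32_t cand = 0, key = 0;
    chip_reset(&chip);
    int n = scan_for_key_register(&chip, &cand);
    printf("write-only candidates: %d, first at 0x%02X\n", n, cand);
    /* narrowed window around the key so the demonstration finishes quickly */
    uint64_t t = brute_force_key(&chip, cand, MAGIC_KEY - 1000u, MAGIC_KEY + 1u, &key);
    printf("key 0x%08X found after %llu writes, feature %s\n", key,
           (unsigned long long)t, chip.feature_enabled ? "enabled" : "disabled");
    return 0;
}
```

Two points worth noticing in the model: the scan has already written a probe into every register, including the key register, and the chip has no state that records this, which is the detection gap the text refers to; and the brute-force window is narrowed to about a thousand values only to keep the run short, since the search cost of an unnarrowed 32-bit key is 2^32 writes and nothing in the chip slows down or counts failed attempts.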
Integrated circuits do have, for example, security and/or safety functions (mostly in the form of software components). However, these functions mostly only protect the integrated circuit against unauthorized accesses or data manipulation during ongoing operation, and they are mainly not activated until the startup phase of the integrated circuit, e.g., via key registers or enable registers containing key data. In other words, particularly prior to or during the startup phase, the integrated circuit is not protected against unauthorized access, in particular to the key registers, and the security functions themselves can be manipulated, because an integrated circuit as an electronic (hardware) device does not usually have functionality for protecting itself against attacks by, e.g., programs loaded onto the device from outside (e.g., malware). Such programs make it possible, for example, to spy out where the key registers are located in the address space or which register settings effect particular functions, enable interfaces, etc. The information obtained in this way may then, for example, allow the circuit to be replicated and/or permit targeted hacker attacks by which, for example, sensitive data can be manipulated or exfiltrated.
It is possible, for example, to keep the key registers, their access addresses and the associated key data secret or to conceal them. However, this provides only limited protection against attempts to spy out key or enable registers or to obtain information such as key register addresses and key data via unauthorized accesses. In addition, unauthorized intrusion into the integrated circuit is very difficult to detect, so no rapid protective action can be taken.